Docker Overhauling Container Security

Docker announced that it is going to overhaul its current network and roll out a whole new dynamic integration system that operates in synergy with its container safeguards across the entire software supply chain. What that means is that Docker Security Scanning is at present an opt-in service for Docker Cloud private repository plans. It also provides a security assessment of the software included in container images.

This gives them detailed image security profiles, which are continuous and monitor the vulnerability of their system in real time. Notifications for integrated content security are thus accessible across the entire software supply chain. In a global economy this is huge. With the threat of terrorism or attack coming in newer and newer forms, the thinking behind the overhaul is that it is good to take every precaution you can. When we think about our cell phones, for instance, and how vast the reach is from raw materials to assembly to eventually reaching market, we realize this is a global endeavor that should be treated with the same attention and concern we would give a flight.

Docker Security Scanning will work across any application and all major Linux distribution platforms. “With this process the developer becomes part of the security process. Devs are able to see the result of the scanning process before they deploy the software. We’ve made it our goal to secure the global software supply chain from development test to production.”

How this works is that Docker image scanning and vulnerability protection provide a capability, optimized for containers, for granular auditing of images. Essentially, the results are presented in a bill of materials containing the details of the image layers and components, along with the security profile of each component, according to their chief engineer.

This gives independent software vendors, publishers and app teams information for their decisions about content, based on a more robust security policy. “We believe enhancements like this will continue, as development driven by the interests of a community of users and developers who are becoming more and more concerned with application security as threats and sophisticated adversaries become more prevalent,” he says.

“Having comprehensive tools that provide visibility and compliance controls across all of this IT delivery landscape, including the ability to inspect container engines and images as they’re deployed, is going to become more important, not less.” What this all boils down to is the fact that “If the Docker ID used to authenticate the Docker Cloud is leaked, someone may be able to gain access to containers on any node managed by Docker Cloud. At this time, Docker Cloud does not have fine-grained permission-based access or even API key management.” So if we look at the big picture, we see a 50/50 split of what to expect from Docker moving forward. Yes, they are making the right moves, but they are already in a deep, deep hole in this arena.